Access profile setting | Grants access to* | |
Admin Users | System > Admin ... except Settings | Web UI |
admingrp | config system admin config system accprofile | CLI |
Auth Users | User ... | Web UI |
authusergrp | config user ... | CLI |
Autolearn Configuration | Auto Learn > Auto Learn Profile > Auto Learn Profile | Web UI |
learngrp | config server-policy custom-application ... config waf web-protection-profile autolearning-profile Note: Because generating an auto-learning profile also generates its required components, this area also confers Write permission to those components in the Web Protection Configuration/wafgrp area. | CLI |
Log & Report | Log&Report ... | Web UI |
loggrp | config log ... execute formatlogdisk | CLI |
Maintenance | System > Maintenance except System Time tab | Web UI |
mntgrp | diagnose system ... execute backup ... execute factoryreset execute reboot execute restore ... execute shutdown diagnose system flash ... | CLI |
Network Configuration | System > Network ... | Web UI |
netgrp | config router ... config system interface config system dns config system v-zone diagnose network ... except sniffer ... | CLI |
System Configuration | System ... except Network, Admin, and Maintenance tabs | Web UI |
sysgrp | config system except accprofile, admin, dns, interface, and v-zone diagnose hardware ... diagnose network sniffer ... diagnose system ... except flash ... execute date ... execute ha ... execute ping ... execute ping-option ... execute traceroute ... execute time ... | CLI |
Server Policy Configuration | Policy > Server Policy ... Server Objects ... Application Delivery ... | Web UI |
traroutegrp | config server-policy ... except custom-application ... config waf file-compress-rule config waf file-uncompress-rule config waf http-authen ... config waf url-rewrite ... diagnose policy ... | CLI |
Web Anti-Defacement Management | Web Anti-Defacement ... | Web UI |
wadgrp | config wad ... | CLI |
Web Protection Configuration | Policy > Web Protection ... Web Protection ... DoS Protection ... | Web UI |
wafgrp | config system dos-prevention config waf except: • config waf file-compress-rule • config waf file-uncompress-rule • config waf http-authen ... • config waf url-rewrite ... • config waf web-custom-robot • config waf web-protection-profile autolearning-profile • config waf web-robot • config waf x-forwarded-for | CLI |
Web Vulnerability Scan Configuration | Web Vulnerability Scan ... | Web UI |
wvsgrp | config wvs ... | CLI |
* For each config command, there is an equivalent get/show command, unless otherwise noted. config access requires write permission. get/show access requires read permission. |
Set a strong password for the admin administrator account, and change the password regularly. By default, this administrator account has no password. Failure to maintain the password of the admin administrator account could compromise the security of your FortiWeb appliance. |